From 40b1ba2845d6a6b4bfab540e7266d1687ffdf8a3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 6 Aug 2021 14:00:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/22xxx/CVE-2020-22330.json | 56 +++++++++++++++++++++++++++---- 2021/31xxx/CVE-2021-31291.json | 58 ++++---------------------------- 2021/33xxx/CVE-2021-33629.json | 2 +- 2021/36xxx/CVE-2021-36209.json | 56 +++++++++++++++++++++++++++---- 2021/36xxx/CVE-2021-36351.json | 61 ++++++++++++++++++++++++++++++---- 2021/36xxx/CVE-2021-36705.json | 56 +++++++++++++++++++++++++++---- 2021/36xxx/CVE-2021-36706.json | 56 +++++++++++++++++++++++++++---- 2021/36xxx/CVE-2021-36707.json | 56 +++++++++++++++++++++++++++---- 2021/36xxx/CVE-2021-36708.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37540.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37541.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37542.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37543.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37544.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37545.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37546.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37547.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37548.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37549.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37550.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37551.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37552.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37553.json | 56 +++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37554.json | 56 +++++++++++++++++++++++++++---- 24 files changed, 1113 insertions(+), 184 deletions(-) diff --git a/2020/22xxx/CVE-2020-22330.json b/2020/22xxx/CVE-2020-22330.json index 06f722cad9e..06949beede2 100644 --- a/2020/22xxx/CVE-2020-22330.json +++ b/2020/22xxx/CVE-2020-22330.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22330", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22330", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/intelliants/subrion/issues/850", + "refsource": "MISC", + "name": "https://github.com/intelliants/subrion/issues/850" } ] } diff --git a/2021/31xxx/CVE-2021-31291.json b/2021/31xxx/CVE-2021-31291.json index 51ddc9a2f06..942d0f415cc 100644 --- a/2021/31xxx/CVE-2021-31291.json +++ b/2021/31xxx/CVE-2021-31291.json @@ -1,61 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2021-31291", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31291", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2 0.27.3 allows attackers to cause a denial of service (DOS) via crafted metadata." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/Exiv2/exiv2/issues/1529", - "refsource": "MISC", - "name": "https://github.com/Exiv2/exiv2/issues/1529" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29457. Reason: This candidate is a duplicate of CVE-2021-29457. Notes: All CVE users should reference CVE-2021-29457 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2021/33xxx/CVE-2021-33629.json b/2021/33xxx/CVE-2021-33629.json index 84e770a373e..7226bdd88b6 100644 --- a/2021/33xxx/CVE-2021-33629.json +++ b/2021/33xxx/CVE-2021-33629.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "isula-build before 0.9.5-8 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data." + "value": "isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data." } ] } diff --git a/2021/36xxx/CVE-2021-36209.json b/2021/36xxx/CVE-2021-36209.json index 1749f635345..1ff46584dee 100644 --- a/2021/36xxx/CVE-2021-36209.json +++ b/2021/36xxx/CVE-2021-36209.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36209", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36209", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/36xxx/CVE-2021-36351.json b/2021/36xxx/CVE-2021-36351.json index e6d15b61b42..a7781f802cc 100644 --- a/2021/36xxx/CVE-2021-36351.json +++ b/2021/36xxx/CVE-2021-36351.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36351", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36351", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50165", + "url": "https://www.exploit-db.com/exploits/50165" + }, + { + "refsource": "MISC", + "name": "https://securityforeveryone.com/blog/care2x-hospital-information-management-system-0-day-vulnerability-cve-2021-36351", + "url": "https://securityforeveryone.com/blog/care2x-hospital-information-management-system-0-day-vulnerability-cve-2021-36351" } ] } diff --git a/2021/36xxx/CVE-2021-36705.json b/2021/36xxx/CVE-2021-36705.json index 0d7dc4c54b6..4e33523c530 100644 --- a/2021/36xxx/CVE-2021-36705.json +++ b/2021/36xxx/CVE-2021-36705.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36705", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36705", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#tr069-command-injection", + "refsource": "MISC", + "name": "https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#tr069-command-injection" } ] } diff --git a/2021/36xxx/CVE-2021-36706.json b/2021/36xxx/CVE-2021-36706.json index 32f91908486..5e7e82db5e4 100644 --- a/2021/36xxx/CVE-2021-36706.json +++ b/2021/36xxx/CVE-2021-36706.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36706", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36706", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#syscmd-command-injection", + "refsource": "MISC", + "name": "https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#syscmd-command-injection" } ] } diff --git a/2021/36xxx/CVE-2021-36707.json b/2021/36xxx/CVE-2021-36707.json index f18fa9c159a..b3f9378d8d1 100644 --- a/2021/36xxx/CVE-2021-36707.json +++ b/2021/36xxx/CVE-2021-36707.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36707", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36707", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#ledonoff-command-injection", + "refsource": "MISC", + "name": "https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#ledonoff-command-injection" } ] } diff --git a/2021/36xxx/CVE-2021-36708.json b/2021/36xxx/CVE-2021-36708.json index 6a831363545..6b66870e18d 100644 --- a/2021/36xxx/CVE-2021-36708.json +++ b/2021/36xxx/CVE-2021-36708.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36708", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36708", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#sysinit-password-reset", + "refsource": "MISC", + "name": "https://www.ayrx.me/prolink-prc2402m-multiple-vulnerabilities/#sysinit-password-reset" } ] } diff --git a/2021/37xxx/CVE-2021-37540.json b/2021/37xxx/CVE-2021-37540.json index 955ec05016d..d825918b037 100644 --- a/2021/37xxx/CVE-2021-37540.json +++ b/2021/37xxx/CVE-2021-37540.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37540", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37540", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37541.json b/2021/37xxx/CVE-2021-37541.json index adb2d12b74c..c95a572b913 100644 --- a/2021/37xxx/CVE-2021-37541.json +++ b/2021/37xxx/CVE-2021-37541.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37541", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37541", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37542.json b/2021/37xxx/CVE-2021-37542.json index 77ac6bbae93..71578ff1cc6 100644 --- a/2021/37xxx/CVE-2021-37542.json +++ b/2021/37xxx/CVE-2021-37542.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37542", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37542", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains TeamCity before 2020.2.3, XSS was possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37543.json b/2021/37xxx/CVE-2021-37543.json index cd14255f445..557ca90f21a 100644 --- a/2021/37xxx/CVE-2021-37543.json +++ b/2021/37xxx/CVE-2021-37543.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37543", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37543", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37544.json b/2021/37xxx/CVE-2021-37544.json index dad39a13dcd..2d3ff122b36 100644 --- a/2021/37xxx/CVE-2021-37544.json +++ b/2021/37xxx/CVE-2021-37544.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37544", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37544", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37545.json b/2021/37xxx/CVE-2021-37545.json index 7ad48850d22..4305321dd24 100644 --- a/2021/37xxx/CVE-2021-37545.json +++ b/2021/37xxx/CVE-2021-37545.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37545", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37545", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37546.json b/2021/37xxx/CVE-2021-37546.json index 77b7828749f..bb228926a0c 100644 --- a/2021/37xxx/CVE-2021-37546.json +++ b/2021/37xxx/CVE-2021-37546.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37546", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37546", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37547.json b/2021/37xxx/CVE-2021-37547.json index 17570885c80..e87f0e383d8 100644 --- a/2021/37xxx/CVE-2021-37547.json +++ b/2021/37xxx/CVE-2021-37547.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37547", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37547", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37548.json b/2021/37xxx/CVE-2021-37548.json index a60da4780e0..96c810a8010 100644 --- a/2021/37xxx/CVE-2021-37548.json +++ b/2021/37xxx/CVE-2021-37548.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37548", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37548", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37549.json b/2021/37xxx/CVE-2021-37549.json index f75e990ad6b..a4a328225fb 100644 --- a/2021/37xxx/CVE-2021-37549.json +++ b/2021/37xxx/CVE-2021-37549.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37549", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37549", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37550.json b/2021/37xxx/CVE-2021-37550.json index bb79846dac6..b96ec08f94e 100644 --- a/2021/37xxx/CVE-2021-37550.json +++ b/2021/37xxx/CVE-2021-37550.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37550", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37550", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37551.json b/2021/37xxx/CVE-2021-37551.json index 6171150f284..fc189c1bfd8 100644 --- a/2021/37xxx/CVE-2021-37551.json +++ b/2021/37xxx/CVE-2021-37551.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37551", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37551", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37552.json b/2021/37xxx/CVE-2021-37552.json index 5f827f75414..cb595839833 100644 --- a/2021/37xxx/CVE-2021-37552.json +++ b/2021/37xxx/CVE-2021-37552.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37552", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37552", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains YouTrack before 2021.2.17925, stored XSS was possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37553.json b/2021/37xxx/CVE-2021-37553.json index d024b563b3b..6b8af9a2291 100644 --- a/2021/37xxx/CVE-2021-37553.json +++ b/2021/37xxx/CVE-2021-37553.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37553", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37553", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] } diff --git a/2021/37xxx/CVE-2021-37554.json b/2021/37xxx/CVE-2021-37554.json index 5db1bb153fd..cbe9173cf37 100644 --- a/2021/37xxx/CVE-2021-37554.json +++ b/2021/37xxx/CVE-2021-37554.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37554", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37554", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/", + "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/" } ] }